zdl_cryptofandomcom-20200214-history
Proof-of-Stake (PoS)
Basics * First implemented by PeerCoin and Nxt in 2012 and 2013 respectively. * In general, a proof-of-stake algorithm looks as follows. There exists some set of coin holders that place their coins into a proof-of-stake mechanism and thereby become validators. Given a particular blockchain "head" (ie. the latest block in a blockchain), the algorithm randomly selects one of these validators (the randomness being weighted by deposit size, so a validator with 10000 coins has 10x the chance of a validator with 1000 coins) and assigns to them the right to create the next block. If that validator does not create a block within some period of time, then a secondary validator is selected that can create the block instead. Just like in proof-of-work, the "longest chain" is considered to be the canonical one. * Note that there are many deviations from this model. In earlier Peercoin-style algorithms, a different validator was assigned block creation rights every second. Sometimes, there is no explicit mechanism for "becoming a validator"; every coin holder is a potential validator, though if a coin holder is offline or uninterested in validating then they may well "skip their turn". In some algorithms, there is no notion of validator selection; instead, a traditional Byzantine-fault-tolerant consensus algorithm is used to get all validators to agree on the next block. The seed for the pseudorandom algorithm that chooses the next validator can also be chosen in different ways. However, the principle of using coins, deposited or otherwise, as a substitute for miners is invariably there. * Besides forging new blocks, some protocols also give Stakers the power to participate in governance of the protocol, according to their amount of staked coins. A bit more on that here. The Benefits: * From the ETH Github page: - No need to consume large quantities of electricity in order to secure a blockchain. ''- Because of the lack of high electricity consumption, there is not as much need to issue as many new coins in order to motivate participants to keep participating in the network. It may theoretically even be possible to have negative net issuance, where a portion of transaction fees is "burned" and so the supply goes down over time.'' ''- Possibly reduced vulnerability to selfish-mining attacks through "co-operative game theory", though proof of work can also do this to some extent.'' ''- Reduced centralization risks, as economies of scale are much less of an issue. $10 million of coins will get you exactly 10 times higher returns than $1 million of coins, without any additional disproportionate gains because at the higher level you can afford better mass-production equipment.'' ''- Ability to use economic penalties to make various forms of 51% attacks vastly more expensive to carry out than proof of work - to paraphrase Vlad Zamfir, "it's as though your ASIC farm burned down if you participated in a 51% attack".'' * From this post by FlatOutCrypto (4-5-2018): "Like PoW, PoS solves the Byzantine Generals Problem - albeit through a different means. It empowers the distributed and un-coordinated Generals to come to an agreement despite communication not being instantaneous and with potentially contradictory signals being sent: * The Generals become validators by depositing their assets * The pre-set algorithm selects a General to become a validator for the next block, which the General creates * Another General is subsequently chosen to become a validator and references/builds upon the previous block to form a growing chain. As a result it becomes clear which chain most Generals are contributing to * The Generals know how quickly each block takes to be created under the PoS consensus algorithm and so after a period of time will be able to know if enough of the other Generals are working on the same chain to be able to make a successful attack This solves the Byzantine Generals Problem in a more efficient and environmentally friendly manner, eradicating the high energy and hardware costs associated with PoW. Through doing so it also removes the economies of scale the largest miners in PoW profit from. PoS gives all users an equal chance, proportional to their holdings, to receive a reward. As PoS allows small stakes the same participation rights as the largest, it should lead to a more decentralized network. Furthermore, PoS ties validators to the network by incentivizing them. Whereas miners may mine Bitcoin and immediately dispose of it, or switch to mining something more profitable, PoS ensures that validators lock their funds up for a set period of time for the use of the network. Additionally, dishonest actions put their stake in jeopardy. This further allies a validator to the network they are securing." * From Token Tuesdays (17-12-2019): "..let’s reflect on why staking matters. Seeing as we’re largely operating in a distributed ecosystem where influence is spread across a global scale, staking provides: # Security - The more capital staked in any given product or service, the more secure it becomes due to a larger amount of capital needed to game the system. # Scalability - While Proof-of-Work has served as a solid foundation, it’s largely recognized that Proof-of-Stake will drastically increase throughput, further increasing the opportunity for any public blockchain-based application to reach a mainstream audience. # Decentralization - Staking is inherently permissionless, meaning that you don’t have to *ask* anyone to stake your assets. While we are likely to see large providers aggregate a significant majority of staked capital, the notion that anyone can contribute to the validation of a network is pretty powerful. # Accessibility - With staking, rewards become accessible to non-technical users. As tools continue to advance, it’s likely the staking will become easier to navigate for beginners. # Novelty - Different products can leverage unique schemas to incentivize their community to participate. At the end of the day, staking is the clearest illustration of putting skin in the game." Critiques on PoS * Many BTC proponents do not believe in PoS. Andrew Poelstra for instance. From a transcript (Summer 2019) by Andrew Poelstra (Blockstream) and David Vorick (Sia): "Proof-of-stake is incredibly popular in the altcoin world. It's almost unconditionally popular. It falls back to traditional byzantine fault tolerance models. In proof-of-stake, you see 51% assumptions. Normally things fall away from incentive compatibility. I'm just going to say there's many issues. In 2012 and 2013 a lot of bitcoin developers did a deeper dive into proof-of-stake and identified a bunch of issues that transcend any particular issues. Like holding on to your keys after you spend your coins, that's a fundamental issue. Andrew wrote two papers about the fundamental challenges with proof-of-stake. I think it's fair to say since 2013 none of those issues have been addressed by proof-of-stake proposals. Unfortunately, there are so many ways to approach proof-of-stake paradigms that it's hard to talk through because once you dismantle any implementation everyone is like "well yeah that was the broken one". At some point, I hope there's a proof-of-stake implementation that everyone likes and we can attack it directly. But it's just too much. https://download.wpsoftware.net/bitcoin/pos.pdf https://download.wpsoftware.net/bitcoin/alts.pdf https://download.wpsoftware.net/bitcoin/asic-faq.pdf "'' * From this post by FlatOutCrypto (4-5-2018): ''"Firstly, although PoS is theoretically more democratic (as it gives all users an equal chance to participate, and avoids economies-of-scale issues that PoW suffers from) it will suffer from the same issue – decentralized networks edging towards centralization. The biggest holders will receive the most rewards, and therefore grow larger, creating a vicious cycle in which the big get bigger and the small get increasingly diluted. As these large interests accumulate, it is likely they will then begin to collude rather than compete. This may lead to these owners making changes that benefit them over the needs of others. Because your funds are “locked” when staked, it is likely that only a minority of network users will participate in staking and thus receive rewards, this accumulation of power could be pronounced. This lack of participation also means that a 51% attack on the network only requires a malicious actor to possess 51% of the amount being staked, not the total supply. Proponents argue that the network could be forked in the event of an attack, and the attacker’s staked amount destroyed. The idea is that unlike PoW (where an attacker need solely buy enough mining equipment to take over the network and could redirect said equipment to another PoW system after the attack), with PoS an attacker would have to buy 51% of the total staked supply every attack. However, this relies heavily on an attacker not having the resources or the determination to be willing to make these sacrifices, and that the forked network could survive the loss of confidence an attack would bring. Many PoS networks also require validators to possess a minimum (usually significant) amount of the asset to be able to stake. As the majority of users will not possess enough, staking pools will spring up as mining pools did before them, leading to further centralization. PoS is also potentially vulnerable to the ‘nothing at stake’ problem, where validators have nothing to lose by voting for multiple forks of the network. Through this, a validator would gain stakes in two chains. The value retained by the Bitcoin and Ethereum forks Bitcoin Cash and Ethereum Classic highlights the motivation to do this. Whereas a miner on a PoW system such as Bitcoin could only dedicate 100% of their resources to one network at a time, PoS enables validators to easily validate both chains. PoS remains in relative infancy, but project teams have already begun to try improving upon it, merging the good parts of PoS (energy efficiency, allying users to the network) with other means of achieving consensus." * From a post by HackerNoon (30-9-2019): "Staking tokens today are making a step towards providing nuance. Staking tokens allow people to have different weights in their voting. Someone holding more staking tokens can have more votes or more influential votes than someone with fewer staking tokens. In some systems, such as Augur, this can make a lot of sense. Staking tokens are held by experts who can decide how much to stake on a particular decision, and their return on the stake depends on the correctness of their prediction. In a system where tokens can be earned but not bought, this makes sense. However, in a system where tokens can be purchased, someone with a bad reputation could hold more tokens than someone with a good reputation. Steem is fundamentally flawed in this way. There’s no differentiation between tokens purchased and tokens earned. Furthermore, there’s no cumulative measure of tokens earned; just tokens held." * From this post by Token Tuesdays (29-1-2020): "While staking models has become quite commonplace in many crypto-economic systems, almost all of them rely on the notion of issuing rewards in the protocol’s native asset. This inherently limits value-accrual narratives as parties such as validators will ultimately need to liquidate their rewards to cover expenses at some point in time, creating an immense amount of sell pressure within largely illiquid assets and nascent ecosystems. '' Instead, let’s consider schemas which:'' # Offer rewards in an exogenous asset (ETH, BTC, DAI, etc.) # Are not reliant on the native asset for rewarding work # Establish clear-cut value accrual mechanisms to mitigate sell pressure" The post does go on to say there are a bunch of projects (like 0x and REN) that have utilized this, Possible attacks on PoS * Long Range Attack * Grinding Attack * Nothing at Stake Attack * Weak Subjectivity * From this blog: "Ethereum is not the first protocol to attempt to use proof of stake (PoS) as a consensus method. Peercoin implemented PoS in 2013 and other projects implemented their own versions of PoS not too long after (PIVX, Reddcoin, etc). These projects hoped that PoS would eliminate the problems associated with energy intensive mining while maintaining the high levels of security and decentralization required of a cryptocurrency network. The PoS community was enthusiastic about their new consensus method, but skeptics were quick to cite two theoretical security issues facing PoS; the long range attack and the nothing at stake problem. '' ''What is the Stake in Proof of Stake? When I first learned about proof of stake, I thought that “stake” referred to the security deposits that validators (aka PoS miners) had to submit before they were allowed to propose and validate blocks. This is true for Ethereum’s planned PoS upgrade, but the first blockchain projects implementing PoS did not require a security deposit. In early versions of PoS, you only needed to own tokens in order to be eligible to be a validator (aka PoS miner). Holding tokens in your wallet was your stake. If validators attacked the network, nothing happened to their “staked” coins. If No Security Deposit, Why Call It Stake? So here is why they still call it stake. The idea was that if you owned a PoS network’s token, you had an interest in the success of that network. The more of the token you owned, the more you had “at stake” if the network was attacked. This is because, if the network was successfully attacked, the value of your tokens was likely to significantly drop. Under this logic, it made sense to grant validation rights proportional to the amount of stake you had in the network. For instance, if your staked tokens represent 10% of all tokens that are collectively staked by validators, you can expect to propose and validate ~ 10% of all blocks. With 10% stake, you are allowed to have more influence over the network compared to people with less stake because, theoretically, you have more to lose if you disrupt the network." Staking Stablecoins * "So while (6-8-2019) you can’t actually “Stake” stablecoins by the proper definition, you can lock them up and earn interest on them in a very low risk high APR way. Has it happened and what is ETH doing to prevent it * From this blog (2018): "The nothing at stake theory is the assumption that in early versions of PoS, every validator will build on every fork when a fork takes place. After researching for any evidence or even mention of the nothing at stake problem actually occurring, I could not find anything. Either way, Ethereum’s Casper aims to take the potential of the nothing at stake theory seriously. In order to reduce the likelihood that validators builds on all forks, validators will be penalized by losing a portion or all of their security deposit. It seems likely that penalizing validators through security deposits will keep this theory an impossibility." Verus's sollutions * Nothing at Stake and Weak Subjectivity have been solved by Verus, or so it claimed, back in this blog post in 10-2018. It basically comes down to: "Removing any incentive to attempt cheating, making it a losing proposition. This, combined with a new “Chain Power” rule which will replace “Chain Work”, presents the PoW+PoS blockchain."Category:Jargon/Various